by abhishektwr 2220 days ago
Assuming you are using a traditional web app and not an SPA, I think it’s absolutely possible to generate restricted access tokens for anonymous users, either using machine-to-machine (M2M) client authentication or service account (SA) client authentication, basically without any user context. Many identity-as-a-service providers support M2M, and the platform I am involved in supports both M2M/SA (disclaimer in profile). You can effectively attach an anonymous role to your OAuth client of type M2M/SA and start issuing access tokens. For an SPA it could be complicated.
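
The flow described in the comment above, as an added example that is not part of the original comment or any provider's API: a server-side client with an anonymous role obtains a short-lived token whose scopes are capped by that role, and the resource server checks signature, expiry and scope. The client id, secret, role name, scope names and the HS256 signing key are all constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Every identifier here (client id, secret, role, scopes, key) is constructed.
SIGNING_KEY = b"demo-signing-key-not-for-production"
CLIENTS = {"webapp-anon": {"secret": "s3cret-demo", "role": "anonymous"}}
ROLE_SCOPES = {"anonymous": {"catalog:read"}}  # the role caps what a token may carry

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_token(client_id, client_secret, requested_scopes, now=None, ttl=300):
    """Client-credentials style issuance: no user context, scopes capped by role."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(client["secret"], client_secret):
        raise PermissionError("invalid client")
    granted = sorted(set(requested_scopes) & ROLE_SCOPES[client["role"]])
    if not granted:
        raise PermissionError("no permitted scope requested")
    now = int(time.time()) if now is None else now
    claims = {"sub": client_id, "role": client["role"], "scope": " ".join(granted),
              "iat": now, "exp": now + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"

def authorize(token, required_scope, now=None):
    """Resource-server check: signature first, then pinned alg, expiry, scope."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{head}.{body}")):
            return False
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return False
        claims = json.loads(_unb64(body))
        now = int(time.time()) if now is None else now
        return claims["exp"] > now and required_scope in claims["scope"].split()
    except (ValueError, TypeError, KeyError, AttributeError):
        return False  # malformed or unparseable tokens are rejected, never trusted
```

The client secret stays on the web server, which is why this fits a traditional web app and not code shipped to a browser.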